

ABSTRACT

This fault-tolerant computer system employs multiple (for example, three) identical CPUs executing the same instruction stream, with multiple (for example, two) memory modules which in their address space of the CPUs store duplicates of the same data. The CPUs are loosely synchronized, as by detecting events such as memory references and stalling any CPU ahead of the others until all execute the respective function simultaneously. Interrupts are synchronized by ensuring that all CPUs implement the interrupt at the same point in their instruction stream. Memory references via the separate CPU-to-memory busses are voted at the three separate ports of each of the memory modules. I/O functions are implemented using two identical I/O busses, each of which is separately coupled to only one of the memory modules. A number of I/O processors are coupled to both I/O busses. I/O devices are accessed through a pair of redundant identical I/O processors, but only one is designated to actively control a given I/O device. In case of failure of one I/O processor, however, an I/O device can be accessed by the other one without system shutdown, i.e., by merely redesignating the addresses of the registers of the I/O device under instruction control. &lt;IMAGE&gt;



